The Comprehensive Access Manager Solution for Your Enterprise
Simple, Secure Access to Network Resources
Identity Server features full support for SAML and the Liberty Alliance Web Service Framework. With this support, your organisation can easily configure user authentication processes and the distribution of identity information among different security domains—whether they are different departments within your organisation or trusted external partners. Your organisation can leverage the standard Liberty Alliance Employee and Person profiles available in Identity Server or define custom attributes and use them in policy enforcement. Identity Server also facilitates seamless federated provisioning, which automatically creates user accounts on a federation request. Without this feature, users would need to register (create a user account) with a service provider before they could federate their identities.
Access Gateway is the HTTP proxy component of Novell Access Manager. As the access point for Web applications, it provides security via authentication, authorisation, Web single sign-on, identity injection and data encryption—all without requiring modification to the actual Web applications. URLs for protected resources, as defined by your administrator, can link to specific Web servers, allowing a single gateway to protect multiple Web servers. The administrator simply changes any DNS entries for specific services from the IP addresses of the corresponding Web servers to the IP address of Access Gateway.
Your administrator can configure different single sign-on policies for each resource and require different Authentication Contracts. When a user attempts to access a resource with an authentication requirement, Access Gateway redirects the user to Identity Server with a request for a specific Authentication Contract. After Identity Server provides the required validation, the user automatically returns to Access Gateway with a successful authentication and role information. The role information—which can be supplemented by additional queries of the user’s identity—determines whether the user is authorised to access the requested resource.